PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

One Month Later, Marks & Spencer Is Still Reeling from a Cyberattack

By Wesley Grant
May 20, 2025
in Cybersecurity, Fraud & Security, Merchant, News
0
0
SHARES
0
VIEWS
Share on LinkedIn
marks & spencer

Abstract blur department store and shopping mall interior for background

For over 140 years, Marks & Spencer (M&S) has been a fixture of Britain’s retail landscape, but the department store has faced sharp losses and operational issues following a devastating cyberattack.

Shortly after the April ransomware incident, M&S halted online and in-app order—services the retailer has yet to restore. According to Reuters, Marks & Spencer hasn’t resumed its online operations out of an abundance of caution.

A group of hackers gained access to the store’s systems and threatened to shut down the company’s network if a ransom wasn’t paid. M&S refused to succumb to the threat actors’ demands and is now working to restore all its systems.

The attack is estimated to have cost Marks & Spencer $80 million, but the impacts could go beyond monetary losses. While M&S said it was surprised by customers’ willingness to shop in-store, store-sourced voices raised concerns that customers could eventually lose patience with the lack of digital options—potentially leading to reputational ramifications if the outage persists.

Aggressive, Creative, and Effective

The M&S attack was the handiwork of a loosely affiliated network of hackers known as Scattered Spider, which has carried out attacks around the globe. A smaller group within the network, called DragonForce, is behind the M&S hack as well as similar efforts against UK retailers Harrods and the Co-op.

Though British merchants have been the initial targets, Google recently warned that Scattered Spider could be just as likely to target their U.S. counterparts.

“US retailers should take note,” John Hultquist, Cybersecurity Analyst at Google, told The Independent. “These actors are aggressive, creative, and particularly effective at circumventing mature security programs.”

The Magnitude of These Attacks

Bad actors targeting large organizations is not a novel phenomenon, but the scale of damage is broadening. For example, crypto exchange Coinbase was recently hacked in an incident that could cost the company up to $400 million, after cybercriminals bribed Coinbase contractors to divulge protected customer data.

Similarly, the M&S breach derived from a contractor relationship. At least two logins used in the hack were linked to Tata Consulting Services, a company that provides IT and help desk services for the retailer.

The magnitude of these attacks will likely prompt many organizations to reevaluate their partnerships and reassess their security measures. However, as criminals become increasingly innovative, businesses will also need to find creative ways to defend themselves.

0
SHARES
0
VIEWS
Share on LinkedIn
Tags: CybercriminalsData BreachM&SMarks & SpencerRansomwareScattered Spider

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    syria visa mastercard

    Visa’s Stablecoin Platform Marks the Next Phase of Digital Payments

    July 17, 2026
    cross-border payments

    Beyond Pix: The Cross-Border Layer Latin America Is Building Next

    July 16, 2026
    digital euro

    Can the Digital Euro Be the Difference Maker the EU Needs?

    July 15, 2026
    tap-to-pay

    Tap-to-Pay Gives Small Merchants a Big Advantage

    July 14, 2026
    cyber resilience

    Modern Cyber Risk Is Breaking Longstanding Security Assumptions

    July 13, 2026
    Merchants Real-Time Payments, swipe fees, BNPL

    How Software Turned Payments Into a Seamless Part of Commerce

    July 10, 2026
    credit union data, credit union technology

    Inside the Tech Shift Redefining How Credit Unions Operate

    July 9, 2026
    embedded payments

    What Embedded Payments Can Solve for Small Businesses

    July 8, 2026

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2026 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result